eIDAS 2.0: What It Means for Electronic Signatures in Europe

eIDAS 2.0 (Regulation 2024/1183) is the updated European Union framework for electronic identification and trust services, replacing the original eIDAS Regulation from 2014. The most significant change is the introduction of the European Digital Identity (EDI) Wallet, which will give every EU citizen and resident a government-issued digital identity usable for electronic signatures, authentication, and document sharing across all member states by 2026-2027.

What Is eIDAS?

eIDAS stands for electronic IDentification, Authentication and trust Services. It is an EU regulation — meaning it applies directly in all 27 member states without requiring national legislation. The original regulation (910/2014) established a legal framework for:

• Electronic signatures
• Electronic seals (for organizations)
• Time stamps
• Electronic delivery services
• Website authentication certificates
• Electronic identification schemes

eIDAS created a single market for trust services across the EU, ensuring that an electronic signature created in France is legally recognized in Germany, and vice versa.

What Changed from eIDAS 1.0 to eIDAS 2.0

eIDAS 2.0 (formally Regulation 2024/1183, amending Regulation 910/2014) was adopted by the European Parliament on February 29, 2024, and entered into force on May 20, 2024. Here are the key changes:

1. European Digital Identity Wallet

The headline change. Every EU member state must issue a free digital identity wallet to its citizens and residents. This wallet will:

• Store a government-verified digital identity
• Enable qualified electronic signatures without needing a separate signature creation device
• Share verified identity attributes (age, nationality, professional qualifications) selectively
• Work across all EU member states
• Be usable for both public services and private sector transactions

Impact on businesses: Once widely adopted, the EDI Wallet will make qualified electronic signatures (the highest legal level) accessible to every EU citizen at no cost. This could significantly shift the market away from proprietary signature platforms.

2. Mandatory Acceptance by Large Platforms

Under eIDAS 2.0, very large online platforms (as defined by the Digital Services Act — those with 45+ million EU users) must accept the EDI Wallet for user authentication. This includes platforms like Amazon, Google, Facebook, and Apple.

3. Updated Trust Service Provider Requirements

Trust service providers (TSPs) — the organizations that issue digital certificates and provide qualified trust services — face stricter requirements:

• Enhanced security and operational standards
• Mandatory breach notification within 24 hours
• Stronger liability provisions
• New requirements for electronic attestation of attributes

4. Electronic Attestation of Attributes

A new trust service type. Electronic attestations of attributes (EAAs) allow verified claims about a person — their educational qualifications, professional licenses, or organizational roles — to be issued, stored in the EDI Wallet, and shared selectively.

5. Archiving Services as Qualified Trust Services

Electronic archiving (long-term preservation of electronic documents and signatures) is now formally recognized as a qualified trust service, creating a standardized EU framework for document retention.

SES, AES, and QES: Understanding the Three Levels

eIDAS defines three levels of electronic signatures, each with increasing legal strength and technical requirements:

Simple Electronic Signature (SES)

What it is: Any data in electronic form attached to or logically associated with other electronic data, used by the signatory to sign.

Examples:

• Typing your name at the bottom of an email
• Clicking "I Accept" on a website
• Drawing a signature on a touchscreen
• Pasting a scanned signature image

Legal standing: Cannot be denied legal effect in court, but carries the least evidential weight. The burden of proof falls on the party relying on the signature.

When to use: Low-risk internal documents, non-binding acknowledgments, routine correspondence.

Advanced Electronic Signature (AES)

What it is: An electronic signature that meets four requirements defined in Article 26:

• Uniquely linked to the signatory
• Capable of identifying the signatory
• Created using data under the signatory's sole control
• Linked to the signed data such that any subsequent change is detectable

Examples:

• Signatures created through platforms like [SignQuick](/sign) with identity verification and audit trails
• Signatures using digital certificates
• Signatures using biometric data (fingerprint, facial recognition)

Legal standing: Higher evidential weight than SES. In practice, AES is the standard for most business-to-business transactions in the EU.

When to use: Contracts, agreements, HR documents, financial documents, any transaction where you want strong evidence of signer identity and document integrity.

Qualified Electronic Signature (QES)

What it is: An advanced electronic signature created by a qualified signature creation device (QSCD) and based on a qualified certificate issued by a qualified trust service provider (QTSP).

Key requirements:

• The signer must be identified in person or through equivalent verification
• The certificate must be issued by a QTSP listed on the EU Trusted Lists
• The signature must be created using a QSCD (hardware security module, smart card, or qualified remote signing service)

Legal standing: Equivalent to a handwritten signature by law. This is explicitly stated in Article 25(2) of the eIDAS Regulation. A QES has the highest possible legal standing and must be recognized across all EU member states.

When to use: High-value contracts, real estate transactions, government submissions, regulated industry documents, any scenario where legal certainty is paramount.

Comparison Table

The EU Digital Identity Wallet: What Businesses Need to Know

Timeline

How the Wallet Works

• A citizen downloads their member state's official wallet app.
• They verify their identity (in person or via existing eID scheme).
• The wallet receives a government-issued digital identity.
• Additional credentials can be added: driving license, diplomas, professional qualifications.
• When signing a document, the wallet creates a qualified electronic signature using the embedded certificate.
• When verifying identity online, the wallet shares only the necessary attributes (e.g., "over 18" without revealing exact birth date).

Impact on E-Signature Platforms

The EDI Wallet will create both challenges and opportunities for e-signature platforms:

• Challenge: QES becomes free for citizens, potentially reducing demand for paid signature services.
• Opportunity: Platforms that integrate wallet-based signing will offer the highest legal certainty with the best user experience.
• Transition period: It will take 2-3 years after wallet launch for adoption to reach critical mass. During this period, platforms must support both traditional and wallet-based signatures.

How eIDAS 2.0 Affects Businesses

For EU-Based Businesses

• Prepare for wallet acceptance — If you interact with EU citizens (customers, employees, partners), plan to accept EDI Wallet signatures and identity verification.
• Review your signature level — Ensure you are using the appropriate signature level (SES, AES, QES) for each document type. eIDAS 2.0 does not change the three-tier structure, but the wallet makes QES more accessible.
• Update privacy practices — The wallet's selective disclosure feature means you should only request the identity attributes you actually need.

For Non-EU Businesses Serving EU Customers

• Cross-border recognition — eIDAS 2.0 includes provisions for recognizing trust services from non-EU countries through mutual recognition agreements.
• Compliance requirement — If you provide services to EU citizens, you may need to accept EDI Wallet credentials under sector-specific regulations.
• Market opportunity — Early adoption of wallet compatibility signals commitment to the EU market and modern privacy standards.

How SignQuick Complies with eIDAS

SignQuick supports electronic signatures that meet the requirements for Simple Electronic Signatures (SES) and Advanced Electronic Signatures (AES) under eIDAS:

• Signer identification — Each signer is identified by email address, and the audit trail records their name, email, IP address, and browser information.
• Sole control — Signatures are created through a secure, authenticated session unique to each signer.
• Tamper detection — Signed documents include integrity verification that detects any post-signature modifications.
• Comprehensive audit trail — Every action in the signing process is logged with timestamps, creating a verifiable chain of evidence.

For businesses that require Qualified Electronic Signatures, we recommend using a qualified trust service provider in conjunction with SignQuick's document management and workflow capabilities. As the EDI Wallet rolls out, SignQuick plans to integrate wallet-based signing to offer seamless QES support.

Frequently Asked Questions

Do I need QES for all business documents in the EU?

No. The vast majority of business documents in the EU can be validly signed with SES or AES. QES is required only in specific scenarios defined by national law — for example, certain real estate transactions in Germany or employment contracts in Belgium. Unless your specific use case has a legal QES requirement, AES is sufficient for most business needs.

Is an e-signature from a U.S. platform valid in the EU?

Yes, with limitations. Under eIDAS, an electronic signature cannot be denied legal effect solely because it is in electronic form or because it does not meet the requirements for a qualified electronic signature. However, the evidential weight depends on the signature level. A signature from a U.S. platform like SignQuick would typically qualify as SES or AES under eIDAS, which is sufficient for most business transactions.

What happens to existing electronic signatures when eIDAS 2.0 takes full effect?

Existing signatures remain valid. eIDAS 2.0 does not retroactively invalidate signatures created under the original eIDAS framework. The regulation adds new capabilities (EDI Wallet, electronic attestations of attributes) and updates requirements for trust service providers, but does not change the fundamental three-tier signature structure.

How much does a Qualified Electronic Signature cost?

Currently, QES certificates cost between 50 and 300 euros per year from qualified trust service providers, plus per-signature fees on some platforms. Once the EDI Wallet is operational, EU citizens will be able to create QES at no additional cost using their wallet's built-in signing capabilities.

Will the EU Digital Identity Wallet be mandatory?

The wallet will be mandatory for member states to offer but optional for citizens to use. No one will be forced to adopt the wallet. However, large online platforms and certain public services will be required to accept wallet-based authentication, which will create strong adoption incentives.

How does eIDAS 2.0 relate to GDPR?

eIDAS 2.0 and GDPR are complementary. eIDAS governs the legal validity of electronic signatures and digital identity. GDPR governs the processing and protection of personal data. When using e-signatures, you must comply with both: ensure signatures are legally valid under eIDAS and personal data is processed lawfully under GDPR. The EDI Wallet's selective disclosure feature is specifically designed to support GDPR's data minimization principle.